Description

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

INFO

Published Date :

2025-10-29T18:02:39.421Z

Last Modified :

2025-10-29T18:22:23.455Z

Source :

isc
AFFECTED PRODUCTS

The following products are affected by CVE-2025-11232 vulnerability.

Vendors Products
Isc
  • Kea
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11232.

URL Resource
https://kb.isc.org/docs/cve-2025-11232 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-11232 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-11232 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact